The following adds a --param to limit the depth of unswitched loop
nests. One can use --param max-unswitch-depth=1 to disable unswitching
of outer loops (the innermost loop will then be unswitched).
PR tree-optimization/107946
* params.opt (-param=max-unswitch-depth=): New.
* doc/invoke.texi (--param=max-unswitch-depth): Document.
* tree-ssa-loop-unswitch.cc (init_loop_unswitch_info): Honor
--param=max-unswitch-depth
This patch includes "(or later)" in the documentation of the gcc
subdirectory's --with-dwarf2 configure flag. Closes PR59447.
gcc/ChangeLog:
PR bootstrap/59447
* configure: Regenerate.
* configure.ac: Document --with-dwarf2 flag as also
applying to later DWARF standards.
* doc/install.texi: Likewise.
gcc/testsuite/ChangeLog:
* gcc.dg/analyzer/string-ops-concat-pair.c: New test.
* gcc.dg/analyzer/string-ops-dup.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
  ;; if reg/mem op
  (define_insn_reservation "slm_sseishft_3" 2
    (and (eq_attr "cpu" "slm")
         (and (eq_attr "type" "sseishft")
              (not (match_operand 2 "immediate_operand"))))
    "slm-complex, slm-all-eu")
in slm.md it will check operands[2] for type sseishft, but for
extendbfsf2_1 there's no second operand which caused ICE.
The patch set type from sseishft to sseishft1 to fix the issue.
gcc/ChangeLog:
PR target/107934
* config/i386/i386.md (extendbfsf2_1): Change type from
sseishft to sseishft1.
gcc/testsuite/ChangeLog:
* gcc.target/i386/pr107934.c: New test.
Here we end up giving the two BOUND_TEMPLATE_TEMPLATE_PARMs
C<decltype(f::t)> and C<decltype(g::t)> the same TYPE_CANONICAL because
the hash table that interns TYPE_CANONICAL for template type parameters
doesn't set the comparing_specializations flag which controls how
PARM_DECLs from different contexts compare equal.
Later, from spec_hasher::equal for the corresponding two specializations
A<C<decltype(f::t)>> and A<C<decltype(g::t)>>, we compare the two bound
ttps with comparing_specializations set hence they now (structurally)
compare different despite having the same TYPE_CANONICAL, and so we get
the error:
internal compiler error: same canonical type node for different types
'C<decltype (t)>' and 'C<decltype (t)>'
This suggests that we should be setting comparing_specializations from
ctp_hasher::equal to match spec_hasher::equal. But doing so introduces
a separate ICE in cpp2a/concepts-placeholder3.C:
internal compiler error: canonical types differ for identical types
'auto [requires ::same_as<<placeholder>, decltype(f::x)>]' and
'auto [requires ::same_as<<placeholder>, decltype(g::x)>]'
because norm_hasher::equal doesn't set comparing_specializations either.
I'm not sure when exactly we need to set comparing_specializations given
what it controls (TYPENAME_TYPE equality/hashing and PARM_DECL equality)
but it seems to be the conservative choice to set the flag wherever we
have a global hash table that relies on type equality. To that end this
patch sets comparing_specializations in ctp_hasher and norm_hasher, as
well as in atom_hasher and sat_hasher for good measure. This turns out
to be a compile time win of about 2% in some concepts tests, probably
because of the improved TYPENAME_TYPE hashing enabled by the flag.
PR c++/107539
gcc/cp/ChangeLog:
* constraint.cc (norm_hasher::hash, norm_hasher::equal): Set
comparing_specializations.
(sat_hasher::hash, sat_hasher::equal): Likewise.
* cp-tree.h (atom_hasher::hash, atom_hasher::equal): Likewise.
* pt.cc (ctp_hasher::hash, ctp_hasher::equal): Likewise.
gcc/testsuite/ChangeLog:
* g++.dg/template/canon-type-19.C: New test.
Not providing an error handler results in a null pointer dereference
when an error occurs.
Co-authored-by: Jonathan Wakely <jwakely@redhat.com>
libstdc++-v3/ChangeLog:
* include/std/stacktrace (stacktrace_entry::_S_err_handler): New
static function.
(stacktrace_entry, basic_stacktrace): Pass &_S_err_handler to
all calls to libbacktrace.
This patch fixes a type confusion bug in varasm.cc:assemble_variable.
The problem is that the current code calls:
sect = get_variable_section (decl, false);
and then accesses sect->named.name without checking whether the section
is in fact a named section. In the surrounding else clause, we only know
that SECTION_STYLE (sect) != SECTION_NOSWITCH, so it is possible that
the section is an unnamed section.
In practice, this means that we end up doing a wild string compare
between a function pointer and the string literal ".vtable_map_vars".
This is because sect->named.name aliases sect->unnamed.callback in the
section union.
This can be seen in GDB with a simple testcase such as "int x;".
This patch fixes the issue by checking the SECTION_STYLE of the section
is in fact SECTION_NAMED before trying to do the string comparison.
We drop the existing check of whether sect->named.name is non-NULL
because this should presumably always be the case for a named section.
gcc/ChangeLog:
* varasm.cc (assemble_variable): Fix type confusion bug when
checking for ".vtable_map_vars" section.
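
The aliasing described in the varasm.cc message above, as an added example that is not GCC's code: a constructed tagged union in which `name` and `callback` share storage, with a predicate that reads the style tag before touching the variant. The type layout, flag values and helper names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a tagged section union.  Member names follow the
   commit message; layout and flag values are assumptions, not GCC's.  */
enum { STYLE_UNNAMED = 0, STYLE_NAMED = 1, STYLE_NOSWITCH = 2, STYLE_MASK = 3 };

typedef void (*section_callback) (const void *);

struct section_common { unsigned int flags; };

struct named_section {
  struct section_common common;
  const char *name;            /* meaningful only for STYLE_NAMED */
};

struct unnamed_section {
  struct section_common common;
  section_callback callback;   /* meaningful only for STYLE_UNNAMED */
  const void *data;
};

union section {
  struct section_common common;
  struct named_section named;
  struct unnamed_section unnamed;
};

static unsigned int section_style (const union section *s)
{
  return s->common.flags & STYLE_MASK;
}

/* Returns 1 when 'name' and 'callback' sit at the same offset, i.e. when
   reading named.name from an unnamed section yields the callback's bits.  */
int name_aliases_callback (void)
{
  return offsetof (struct named_section, name)
         == offsetof (struct unnamed_section, callback);
}

/* Checked predicate: the tag is tested first, so the string compare only
   runs on a pointer that really is a section name.  Knowing merely that
   the style is not STYLE_NOSWITCH would still admit STYLE_UNNAMED.  */
int in_vtable_map_section (const union section *s)
{
  return section_style (s) == STYLE_NAMED
         && strcmp (s->named.name, ".vtable_map_vars") == 0;
}

static void emit_bss_directive (const void *data) { (void) data; }

/* Build a named section and run the checked predicate on it.  */
int check_named (const char *name)
{
  union section s;
  memset (&s, 0, sizeof s);
  s.named.common.flags = STYLE_NAMED;
  s.named.name = name;
  return in_vtable_map_section (&s);
}

/* Build an unnamed section (callback set, no name) and run the predicate.
   The callback is never interpreted as a string.  */
int check_unnamed (void)
{
  union section s;
  memset (&s, 0, sizeof s);
  s.unnamed.common.flags = STYLE_UNNAMED;
  s.unnamed.callback = emit_bss_directive;
  return in_vtable_map_section (&s);
}

int main (void)
{
  printf ("name aliases callback: %d\n", name_aliases_callback ());
  printf (".vtable_map_vars     : %d\n", check_named (".vtable_map_vars"));
  printf (".data                : %d\n", check_named (".data"));
  printf ("unnamed section      : %d\n", check_unnamed ());
  return 0;
}
```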
1. vector.md: remove tail && mask policy operand for mask mode operations since
we don't need them according to RVV ISA.
2. riscv-v.cc: adapt emit_pred_op for mask mode predicated mov since all RVV modes
including vector integer mode && vector float mode && vector bool mode
use the emit_pred_op function. For vector integer mode && vector float mode,
we have instruction like vle.v/vse.v that we need tail && mask policy.
However, for vector bool mode, the instruction is vlm/vsm that we don't need
tail && mask policy. So we add a condition here to add tail && mask policy operand
during expand if it is not a vector bool mode.
This patch is to clean up the code and make it consistent with RVV ISA.
gcc/ChangeLog:
* config/riscv/riscv-v.cc (emit_pred_op): Adapt for mask mode.
* config/riscv/vector.md: Remove Tail && mask policy operand for mask mode mov.
Provide a specific builtin for each possible value of '-march'.
gcc/ChangeLog:
* config/gcn/gcn-opts.h (TARGET_FIJI): -march=fiji.
(TARGET_VEGA10): -march=gfx900.
(TARGET_VEGA20): -march=gfx906.
(TARGET_GFX908): -march=gfx908.
(TARGET_GFX90a): -march=gfx90a.
* config/gcn/gcn.h (TARGET_CPU_CPP_BUILTINS): Define a builtin that
uniquely maps to '-march'.
This is necessary for unconstrained allocators with qualified expression.
gcc/ada/
* gcc-interface/trans.cc (get_storage_model_access): Strip any type
conversion around the node before looking into it.
Ada 2022 requires that an Aggregate aspect specification shall specify
a name for at least one of Add_Named, Add_Unnamed, or Assign_Indexed.
Enforce this rule.
gcc/ada/
* sem_ch13.adb
(Validate_Aspect_Aggregate): Reject illegal case where none of
Add_Named, Add_Unnamed, and Assign_Indexed are specified.
When an Address attribute applies to an object that is a dereference of
an access value whose type has aspect Designated_Storage_Model, the
attribute will now be treated as having the address type associated
with the Storage_Model_Type of the access type's associated Storage_Model
object instead of being of type System.Address.
gcc/ada/
* sem_attr.adb (Analyze_Attribute, Attribute_Address): In the case
where the attribute's prefix is a dereference of a value of an
access type that has aspect Designated_Storage_Model (or a
renaming of such a dereference), set the attribute's type to the
corresponding Storage_Model_Type's associated address type rather
than System.Address.
This patch fixes a few minor issues in the GNAT library section of
the reference manual.
gcc/ada/
* doc/gnat_rm/the_gnat_library.rst: Fix minor issues.
* gnat_rm.texi: Regenerate.
After the recent patches to improve / tidy up MVE tests and patterns,
a few more tests need to be updated (replacing spaces with tabs).
gcc/testsuite/ChangeLog:
* gcc.target/arm/simd/mve-compare-1.c: Update.
* gcc.target/arm/simd/mve-compare-scalar-1.c: Update.
* gcc.target/arm/simd/mve-vabs.c: Update.
* gcc.target/arm/simd/mve-vadd-1.c: Update.
* gcc.target/arm/simd/mve-vadd-scalar-1.c: Update.
* gcc.target/arm/simd/mve-vcmp.c: Update.
* gcc.target/arm/simd/pr101325.c: Update.
The following changes the predicate representation to record the
value of a predicate with an empty set of AND predicates. That's
necessary to properly represent the conservative fallback for the
def vs use predicates. Since simplification now can result in
such an empty set this distinction becomes important and we need
to check for this as we otherwise ICE.
PR tree-optimization/107937
* gimple-predicate-analysis.h (predicate::is_true): New.
(predicate::is_false): Likewise.
(predicate::empty_val): Likewise.
(uninit_analysis::uninit_analysis): Properly initialize
def_preds.
* gimple-predicate-analysis.cc (simplify_1b): Indicate
whether the chain became empty.
(predicate::simplify): Release emptied chain before removing it.
(predicate::normalize): Replace temporary object with assertion.
(uninit_analysis::is_use_guarded): Deal with predicates
that simplify to true/false.
* gcc.dg/pr107937.c: New testcase.
The following makes sure to honor the backedge processing logic
that forces VARYING there.
PR tree-optimization/107935
* tree-ssa-sccvn.cc (visit_phi): Honor forced VARYING on
backedges.
* gcc.dg/torture/pr107935.c: New testcase.
On the first testcase we've regressed since 12 at -O2:
- movq 8(%rsi), %rax
- movq %rdi, %r8
- movq (%rsi), %rdi
+ movq (%rsi), %rax
+ movq 8(%rsi), %r8
movl %edx, %ecx
- shrdq %rdi, %rax
- movq %rax, (%r8)
+ xorl %r9d, %r9d
+ movq %rax, %rdx
+ xorl %eax, %eax
+ orq %r8, %rax
+ orq %r9, %rdx
+ shrdq %rdx, %rax
+ movq %rax, (%rdi)
On the second testcase we've emitted such terrible code
with the useless xors and ors for a long time.
For PR91681 the *concat<mode><dwi>3_{1,2,3,4} patterns have been added
but they allow just register inputs and register or memory offsettable
output.
The following patch fixes this by allowing also memory inputs on those
patterns, because the pattern is then split to 0-2 emit_move_insns or
one xchg and those can handle loads from memory too just fine.
So that we don't narrow memory loads (source has 128-bit (or for ia32
64-bit) load and we would make 64-bit (or for ia32 32-bit) load out of it),
register_operand -> nonmemory_operand change is done only for operands
in zero_extend arguments. o <- m, m or o <- m, r or o <- r, m alternatives
aren't used, we'd lack registers to perform the moves. But what is
in addition to the current ro <- r, r supported are r <- m, r and r <- r, m
(in that case we just need to be careful about corner cases, see what
emit_move_insn we'd call and if we wouldn't clobber registers used in m's
address before loading - split_double_concat handles that now) and
&r <- m, m (in that case I think the early clobber is the easiest solution).
The first testcase then on 12 -> patched trunk at -O2 changes:
- movq 8(%rsi), %rax
- movq %rdi, %r8
- movq (%rsi), %rdi
+ movq 8(%rsi), %r9
+ movq (%rsi), %r10
movl %edx, %ecx
- shrdq %rdi, %rax
- movq %rax, (%r8)
+ movq %r9, %rax
+ shrdq %r10, %rax
+ movq %rax, (%rdi)
so same amount of instructions and second testcase 12 -> patched trunk
at -O2 -m32:
- pushl %edi
- xorl %edi, %edi
pushl %esi
- movl 16(%esp), %esi
+ pushl %ebx
+ movl 16(%esp), %eax
movl 20(%esp), %ecx
- movl (%esi), %eax
- movl 4(%esi), %esi
- movl %eax, %edx
- movl $0, %eax
- orl %edi, %edx
- orl %esi, %eax
- shrdl %edx, %eax
movl 12(%esp), %edx
+ movl 4(%eax), %ebx
+ movl (%eax), %esi
+ movl %ebx, %eax
+ shrdl %esi, %eax
movl %eax, (%edx)
+ popl %ebx
popl %esi
- popl %edi
BTW, I wonder if we couldn't add additional patterns which would catch
the case where one of the operands is constant and how does this interact
with the stv pass in 32-bit mode where I think stv is right after combine,
so if we match these patterns, perhaps it would be nice to handle them
in stv (unless they are handled there already).
2022-12-01 Jakub Jelinek <jakub@redhat.com>
PR target/107627
* config/i386/i386.md (*concat<mode><dwi>3_1, *concat<mode><dwi>3_2):
For operands which are zero_extend arguments allow memory if
output operand is a register.
(*concat<mode><dwi>3_3, *concat<mode><dwi>3_4): Likewise. If
both input operands are memory, use early clobber on output operand.
* config/i386/i386-expand.cc (split_double_concat): Deal with corner
cases where one input is memory and the other is not and the address
of the memory input uses a register we'd overwrite before loading
the memory into a register.
* gcc.target/i386/pr107627-1.c: New test.
* gcc.target/i386/pr107627-2.c: New test.
The first is an actual bug: remove_contract_attributes was only keeping one
attribute. The second just helps flow analysis in optimizers and static
analyzers.
gcc/cp/ChangeLog:
* contracts.cc (remove_contract_attributes): Actually prepend
to the list.
* pt.cc (tsubst_contract): Only look for a postcondition if type is
nonnull.
For __builtin_ia32_vec_set_v16qi (a, -1, 2) with
!flag_signed_char, it's transformed to
__builtin_ia32_vec_set_v16qi (_4, 255, 2) in the gimple,
and expanded to (const_int 255) in the rtl. But for immediate_operand,
it expects (const_int 255) to be signed extended to
(const_int -1). The mismatch caused an unrecognizable insn error.
The patch converts (const_int 255) to (const_int -1) in the backend
expander.
gcc/ChangeLog:
PR target/107863
* config/i386/i386-expand.cc (ix86_expand_vec_set_builtin):
Convert op1 to target mode whenever mode mismatch.
gcc/testsuite/ChangeLog:
* gcc.target/i386/pr107863.c: New test.
gcc/analyzer/ChangeLog:
PR analyzer/106626
* bounds-checking.cc
(symbolic_past_the_end::describe_final_event): Delete, moving to
symbolic_buffer_overflow::describe_final_event and
symbolic_buffer_over_read::describe_final_event, eliminating
composition of text strings via "byte_str" and "m_dir_str".
(symbolic_past_the_end::m_dir_str): Delete field.
(symbolic_buffer_overflow::symbolic_buffer_overflow): Drop
m_dir_str.
(symbolic_buffer_overflow::describe_final_event): New, as noted
above.
(symbolic_buffer_over_read::symbolic_buffer_overflow): Drop
m_dir_str.
(symbolic_buffer_over_read::describe_final_event): New, as noted
above.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Convert out-of-bounds class hierarchy from:

  pending_diagnostic
    out_of_bounds
      past_the_end
        buffer_overflow (*)
        buffer_over_read (*)
      buffer_underwrite (*)
      buffer_under_read (*)
    symbolic_past_the_end
      symbolic_buffer_overflow (*)
      symbolic_buffer_over_read (*)

to:

  pending_diagnostic
    out_of_bounds
      concrete_out_of_bounds
        concrete_past_the_end
          concrete_buffer_overflow (*)
          concrete_buffer_over_read (*)
        concrete_buffer_underwrite (*)
        concrete_buffer_under_read (*)
      symbolic_past_the_end
        symbolic_buffer_overflow (*)
        symbolic_buffer_over_read (*)

where the concrete classes (i.e. the instantiable ones) are marked
with a (*).
Doing so uncovered a bug where, for CWE-131-examples.c, we were
emitting an extra:
warning: heap-based buffer over-read [CWE-122] [-Wanalyzer-out-of-bounds]
at the:
WidgetList[numWidgets] = NULL;
The issue was that within set_next_state we get the rvalue for the LHS,
which looks like a read to the bounds-checker. The patch fixes this by
passing NULL as the region_model_context * for such accesses.
gcc/analyzer/ChangeLog:
* bounds-checking.cc (class out_of_bounds): Split out from...
(class concrete_out_of_bounds): New abstract subclass.
(class past_the_end): Rename to...
(class concrete_past_the_end): ...this, and make a subclass of
concrete_out_of_bounds.
(class buffer_overflow): Rename to...
(class concrete_buffer_overflow): ...this, and make a subclass of
concrete_past_the_end.
(class buffer_over_read): Rename to...
(class concrete_buffer_over_read): ...this, and make a subclass of
concrete_past_the_end.
(class buffer_underwrite): Rename to...
(class concrete_buffer_underwrite): ...this, and make a subclass
of concrete_out_of_bounds.
(class buffer_under_read): Rename to...
(class concrete_buffer_under_read): ...this, and make a subclass
of concrete_out_of_bounds.
(class symbolic_past_the_end): Convert to a subclass of
out_of_bounds.
(symbolic_buffer_overflow::get_kind): New.
(symbolic_buffer_over_read::get_kind): New.
(region_model::check_region_bounds): Update for renamings.
* engine.cc (impl_sm_context::set_next_state): Eliminate
"new_ctxt", passing NULL to get_rvalue instead.
(impl_sm_context::warn): Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
The region-creation event at the start of...
<source>: In function 'int_arr_write_element_after_end_off_by_one':
<source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds]
14 | arr[10] = x;
| ~~~~~~~~^~~
event 1
|
| 10 | int32_t arr[10];
| | ^~~
| | |
| | (1) capacity is 40 bytes
|
+--> 'int_arr_write_element_after_end_off_by_one': events 2-3
|
| 12 | void int_arr_write_element_after_end_off_by_one(int32_t x)
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) entry to 'int_arr_write_element_after_end_off_by_one'
| 13 | {
| 14 | arr[10] = x; /* { dg-line line } */
| | ~~~~~~~~~~~
| | |
| | (3) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40
|
<source>:14:11: note: write of 4 bytes to beyond the end of 'arr'
14 | arr[10] = x;
| ~~~~~~~~^~~
<source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]'
...makes diagnostic_manager::finish_pruning consider the path to be
interprocedural, and so it doesn't prune the function entry event.
This patch tweaks diagnostic_path::interprocedural_p to ignore
leading events outside of any function, so that it considers the
path to be intraprocedural, and thus diagnostic_manager::finish_pruning
prunes the function entry event, leading to this simpler output:
<source>: In function 'int_arr_write_element_after_end_off_by_one':
<source>:14:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds]
14 | arr[10] = x;
| ~~~~~~~~^~~
event 1
|
| 10 | int32_t arr[10];
| | ^~~
| | |
| | (1) capacity is 40 bytes
|
+--> 'int_arr_write_element_after_end_off_by_one': event 2
|
| 14 | arr[10] = x;
| | ~~~~~~~~^~~
| | |
| | (2) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40
|
<source>:14:11: note: write of 4 bytes to beyond the end of 'arr'
<source>:14:11: note: valid subscripts for 'arr' are '[0]' to '[9]'
gcc/ChangeLog:
PR analyzer/106626
* diagnostic-path.h
(diagnostic_path::get_first_event_in_a_function): New decl.
* diagnostic.cc (diagnostic_path::get_first_event_in_a_function):
New.
(diagnostic_path::interprocedural_p): Ignore leading events that
are outside of any function.
gcc/testsuite/ChangeLog:
PR analyzer/106626
* gcc.dg/analyzer/out-of-bounds-multiline-1.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
This patch tweaks the wording of -Wanalyzer-out-of-bounds:
* use the spellings/terminology of CWE:
* replace "underread" with "under-read", as per:
https://cwe.mitre.org/data/definitions/127.html
* replace "overread" with "over-read" as per:
https://cwe.mitre.org/data/definitions/126.html
* replace "underflow" with "underwrite" as per:
https://cwe.mitre.org/data/definitions/124.html
* wherever known, specify the memory region of the bad access,
so that it says e.g. "heap-based buffer over-read"
or "stack-based buffer over-read"
gcc/analyzer/ChangeLog:
PR analyzer/106626
* bounds-checking.cc (out_of_bounds::get_memory_space): New.
(buffer_overflow::emit): Use it.
(class buffer_overread): Rename to...
(class buffer_over_read): ...this.
(buffer_over_read::emit): Specify which memory space the read is
from, where known. Change "overread" to "over-read".
(class buffer_underflow): Rename to...
(class buffer_underwrite): ...this.
(buffer_underwrite::emit): Specify which memory space the write is
to, where known. Change "underflow" to "underwrite".
(class buffer_underread): Rename to...
(class buffer_under_read): Rename to...
(buffer_under_read::emit): Specify which memory space the read is
from, where known. Change "underread" to "under-read".
(symbolic_past_the_end::get_memory_space): New.
(symbolic_buffer_overflow::emit): Use it.
(class symbolic_buffer_overread): Rename to...
(class symbolic_buffer_over_read): ...this.
(symbolic_buffer_over_read::emit): Specify which memory space the
read is from, where known. Change "overread" to "over-read".
(region_model::check_symbolic_bounds): Update for class renaming.
(region_model::check_region_bounds): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/106626
* gcc.dg/analyzer/call-summaries-2.c: Update expected results.
* gcc.dg/analyzer/out-of-bounds-1.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-2.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-3.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-4.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-5.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-container_of.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-read-char-arr.c: Likewise. Rename
functions from "int_arr_" to "char_arr_".
* gcc.dg/analyzer/out-of-bounds-read-int-arr.c: Update expected
results.
* gcc.dg/analyzer/out-of-bounds-read-struct-arr.c: New test.
* gcc.dg/analyzer/out-of-bounds-write-char-arr.c: Update expected
results. Rename functions from "int_arr_" to "char_arr_".
* gcc.dg/analyzer/out-of-bounds-write-int-arr.c: Update expected
results.
* gcc.dg/analyzer/out-of-bounds-write-struct-arr.c: New test.
* gcc.dg/analyzer/pr101962.c: Update expected results.
* gcc.dg/analyzer/realloc-5.c: Update expected results.
* gcc.dg/analyzer/zlib-3.c: Update expected results.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Consider -fanalyzer on:

  #include <stdint.h>

  int32_t arr[10];

  void int_arr_write_element_after_end_off_by_one(int32_t x)
  {
    arr[10] = x;
  }

Trunk x86_64: https://godbolt.org/z/17zn3qYY4
Currently we emit:
<source>: In function 'int_arr_write_element_after_end_off_by_one':
<source>:7:11: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds]
7 | arr[10] = x;
| ~~~~~~~~^~~
event 1
|
| 3 | int32_t arr[10];
| | ^~~
| | |
| | (1) capacity is 40 bytes
|
+--> 'int_arr_write_element_after_end_off_by_one': events 2-3
|
| 5 | void int_arr_write_element_after_end_off_by_one(int32_t x)
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) entry to 'int_arr_write_element_after_end_off_by_one'
| 6 | {
| 7 | arr[10] = x;
| | ~~~~~~~~~~~
| | |
| | (3) out-of-bounds write from byte 40 till byte 43 but 'arr' ends at byte 40
|
<source>:7:11: note: write of 4 bytes to beyond the end of 'arr'
7 | arr[10] = x;
| ~~~~~~~~^~~
This is worded in terms of bytes, due to the way -Wanalyzer-out-of-bounds
is implemented, but this isn't what the user wrote.
This patch tries to get closer to the user's code by adding a note about
array bounds when we're referring to an array. In the above example it
adds this trailing note:
note: valid subscripts for 'arr' are '[0]' to '[9]'
gcc/analyzer/ChangeLog:
PR analyzer/106626
* bounds-checking.cc (out_of_bounds::maybe_describe_array_bounds):
New.
(buffer_overflow::emit): Call maybe_describe_array_bounds.
(buffer_overread::emit): Likewise.
(buffer_underflow::emit): Likewise.
(buffer_underread::emit): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/106626
* gcc.dg/analyzer/call-summaries-2.c: Add dg-message for expected
note about valid indexes.
* gcc.dg/analyzer/out-of-bounds-1.c: Likewise, fixing up existing
dg-message directives.
* gcc.dg/analyzer/out-of-bounds-write-char-arr.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-write-int-arr.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Consider -fanalyzer on:

  #include <stdint.h>

  int32_t arr[10];

  void int_arr_write_element_after_end_far(int32_t x)
  {
    arr[100] = x;
  }

Trunk x86_64: https://godbolt.org/z/7GqEcYGq6
Currently we emit:
<source>: In function 'int_arr_write_element_after_end_far':
<source>:7:12: warning: buffer overflow [CWE-787] [-Wanalyzer-out-of-bounds]
7 | arr[100] = x;
| ~~~~~~~~~^~~
event 1
|
| 3 | int32_t arr[10];
| | ^~~
| | |
| | (1) capacity is 40 bytes
|
+--> 'int_arr_write_element_after_end_far': events 2-3
|
| 5 | void int_arr_write_element_after_end_far(int32_t x)
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) entry to 'int_arr_write_element_after_end_far'
| 6 | {
| 7 | arr[100] = x;
| | ~~~~~~~~~~~~
| | |
| | (3) out-of-bounds write from byte 400 till byte 403 but 'arr' ends at byte 40
|
<source>:7:12: note: write is 4 bytes past the end of 'arr'
7 | arr[100] = x;
| ~~~~~~~~~^~~
The wording of the final note:
"write is 4 bytes past the end of 'arr'"
reads to me as if the "4 bytes past" is describing where the access
occurs, which seems wrong, as the write is far beyond the end of the
array. Looking at the implementation, it's actually describing the
number of bytes within the access that are beyond the bounds of the
buffer.
This patch updates the wording so that the final note reads
"write of 4 bytes to beyond the end of 'arr'"
which more clearly expresses that it's the size of the access
being described.
The patch also uses inform_n to avoid emitting "1 bytes".
gcc/analyzer/ChangeLog:
PR analyzer/106626
* bounds-checking.cc (buffer_overflow::emit): Use inform_n.
Update wording to clarify that we're talking about the size of
the bad access, rather than its position.
(buffer_overread::emit): Likewise.
gcc/testsuite/ChangeLog:
PR analyzer/106626
* gcc.dg/analyzer/out-of-bounds-read-char-arr.c: Update for
changes to expected wording.
* gcc.dg/analyzer/out-of-bounds-read-int-arr.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-write-char-arr.c: Likewise.
* gcc.dg/analyzer/out-of-bounds-write-int-arr.c: Likewise.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
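
The distinction drawn in the message above, between where a bad write lands and how many of its bytes fall outside the buffer, worked through as an added example that is not the analyzer's code. The struct, the function names and the singular "1 byte" wording are assumptions; the byte ranges and the 4-byte note text match the diagnostics quoted on this page.

```c
#include <stdio.h>
#include <string.h>

/* Constructed summary of one write checked against a buffer's end.
   Only past-the-end accesses at non-negative offsets are modelled.  */
struct oob_write {
  int  is_oob;         /* 1 if any byte of the access is past the end   */
  long first_bad;      /* first out-of-bounds byte offset               */
  long last_bad;       /* last out-of-bounds byte offset                */
  long bad_bytes;      /* SIZE of the out-of-bounds part of the access  */
  long gap;            /* POSITION: bytes between buffer end and access */
  long max_subscript;  /* highest valid array subscript                 */
};

/* Check a write of 'size' bytes at byte 'offset' into a buffer of
   'capacity' bytes holding elements of 'elem_size' bytes.  */
struct oob_write check_write (long capacity, long elem_size,
                              long offset, long size)
{
  struct oob_write r;
  long end = offset + size;            /* one past the last byte written */

  memset (&r, 0, sizeof r);
  r.max_subscript = capacity / elem_size - 1;
  if (end <= capacity)
    return r;                          /* entirely inside the buffer */

  r.is_oob = 1;
  /* A write that straddles the end is only partly out of bounds.  */
  r.first_bad = offset > capacity ? offset : capacity;
  r.last_bad = end - 1;
  r.bad_bytes = r.last_bad - r.first_bad + 1;
  r.gap = r.first_bad - capacity;
  return r;
}

/* Convenience wrapper for a whole-element store such as arr[index] = x.  */
struct oob_write check_subscript_write (long n_elems, long elem_size,
                                        long index)
{
  return check_write (n_elems * elem_size, elem_size,
                      index * elem_size, elem_size);
}

/* Render the size-based note, choosing singular or plural so that
   "1 bytes" is never produced (singular wording is an assumption).  */
const char *note_for (long bad_bytes, const char *name)
{
  static char buf[128];
  snprintf (buf, sizeof buf, "write of %ld %s to beyond the end of '%s'",
            bad_bytes, bad_bytes == 1 ? "byte" : "bytes", name);
  return buf;
}

int main (void)
{
  long idx[] = { 9, 10, 100 };
  for (size_t i = 0; i < sizeof idx / sizeof idx[0]; i++)
    {
      struct oob_write r = check_subscript_write (10, 4, idx[i]);
      if (!r.is_oob)
        printf ("arr[%ld]: in bounds\n", idx[i]);
      else
        printf ("arr[%ld]: bytes %ld-%ld, %s, %ld bytes after the end; "
                "valid subscripts [0] to [%ld]\n", idx[i], r.first_bad,
                r.last_bad, note_for (r.bad_bytes, "arr"), r.gap,
                r.max_subscript);
    }
  return 0;
}
```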
Adds an initial body of documentation for the D front-end - other than
the existing documentation for command-line usage/the man page.
Documentation covers code generation choices specific to GNU D - what
attributes are supported, intrinsics, pragmas, predefined versions,
language extensions, missing features and deviations from spec.
More could be added or elaborated upon, such as what linkage do
different symbols get, mixed language programming with C and C++, the
anatomy of a TypeInfo and ModuleInfo object, and so on. This is enough
as a first wave just to get it off the ground.
gcc/d/ChangeLog:
* Make-lang.in (D_TEXI_FILES): Add d/implement-d.texi.
* gdc.texi: Adjust introduction, include implement-d.texi.
* implement-d.texi: New file.
While most PA 2.0 instructions support both 32 and 64-bit traps
and conditions, the addi and subi instructions only support 32-bit
traps and conditions. Thus, we need to force immediate operands
to register operands on the 64-bit target and use the add/sub
instructions which can trap on 64-bit signed overflow.
2022-11-30 John David Anglin <danglin@gcc.gnu.org>
gcc/ChangeLog:
* config/pa/pa.md (addvdi3): Force operand 2 to a register.
Remove "addi,tsv,*" instruction from unnamed pattern.
(subvdi3): Force operand 1 to a register.
Remove "subi,tsv" instruction from unnamed pattern.
According to the architecture pseudocode the FEAT_MOPS sequences overwrite the NZCV flags
as part of their operation, so GCC needs to model that in the relevant RTL patterns.
For the testcase:

  void g();
  void foo (int a, size_t N, char *__restrict__ in,
            char *__restrict__ out)
  {
    if (a != 3)
      __builtin_memcpy (out, in, N);
    if (a > 3)
      g ();
  }

we will currently generate:

  foo:
          cmp     w0, 3
          bne     .L6
  .L1:
          ret
  .L6:
          cpyfp   [x3]!, [x2]!, x1!
          cpyfm   [x3]!, [x2]!, x1!
          cpyfe   [x3]!, [x2]!, x1!
          ble     .L1 // Flags reused after CPYF* sequence
          b       g

This is wrong as the result of cmp needs to be recalculated after the MOPS sequence.
With this patch we'll insert a "cmp w0, 3" before the ble, similar to what clang does.
Bootstrapped and tested on aarch64-none-linux-gnu.
Pushing to trunk and to the GCC 12 branch after some baking time.
gcc/ChangeLog:
* config/aarch64/aarch64.md (aarch64_cpymemdi): Specify clobber of CC reg.
(*aarch64_cpymemdi): Likewise.
(aarch64_movmemdi): Likewise.
(aarch64_setmemdi): Likewise.
(*aarch64_setmemdi): Likewise.
gcc/testsuite/ChangeLog:
* gcc.target/aarch64/mops_5.c: New test.
* gcc.target/aarch64/mops_6.c: Likewise.
* gcc.target/aarch64/mops_7.c: Likewise.
Continue labels in an unrolled loop require a unique label per
iteration. Previously this used the Statement body node for each
unrolled iteration to generate a new entry in the label hash table.
This does not work when the continue label has an identifier, as said
named label is pointing to the outer UnrolledLoopStatement node.
What would happen is that during the lowering of `continue label', an
automatic label associated with the unrolled loop would be generated,
and a jump to that label inserted, but because it was never pushed by
the visitor for the loop itself, it subsequently never gets emitted.
To fix, correctly use the UnrolledLoopStatement as the key to look up
and store the break/continue label pair, but remove the continue label
from the value entry after every loop to force a new label to be
generated by the next call to `push_continue_label'
PR d/107592
gcc/d/ChangeLog:
* toir.cc (IRVisitor::push_unrolled_continue_label): New method.
(IRVisitor::pop_unrolled_continue_label): New method.
(IRVisitor::visit (UnrolledLoopStatement *)): Use them instead of
push_continue_label and pop_continue_label.
gcc/testsuite/ChangeLog:
* gdc.dg/pr107592.d: New test.
Fixes:
gcc/fortran/parse.cc:5782:32: warning: for loop has empty body [-Wempty-body]
gcc/fortran/ChangeLog:
* parse.cc (parse_omp_structured_block): Remove extra semicolon.
According to the documentation, the -Werror= option makes the specified
warning into an error and also automatically implies that option. Then
it seems that the behavior of the compiler when specifying
-Werror=array-bounds=X should be the same as specifying
"-Werror=array-bounds -Warray-bounds=X", so we expect to receive
array-bounds pass diagnostics and they must be processed as errors.
In practice, we observe that the array-bounds pass is indeed invoked,
but its diagnostics are processed as warnings, not errors.
This happens because Warray-bounds and Warray-bounds= are
declared as two different options in common.opt, so when
diagnostic_classify_diagnostic is called, DK_ERROR is set for
the Warray-bounds= option, but diagnostic_report_diagnostic called from
warning_at receives opt_index of Warray-bounds, so information about
DK_ERROR is lost. Fix this by using Alias in declaration of
Warray-bounds (similar to Wattribute-alias).
Co-authored-by: Franz Sirl <Franz.Sirl-kernel@lauterbach.com>
gcc/ChangeLog:
PR driver/107787
* common.opt (Warray-bounds): Turn into alias of
-Warray-bounds=1.
* builtins.cc (c_strlen): Use OPT_Warray_bounds_
instead of OPT_Warray_bounds.
* diagnostic-spec.cc (nowarn_spec_t::nowarn_spec_t): Ditto.
* gimple-array-bounds.cc (array_bounds_checker::check_array_ref,
array_bounds_checker::check_mem_ref,
array_bounds_checker::check_addr_expr,
array_bounds_checker::check_array_bounds): Ditto.
* gimple-ssa-warn-restrict.cc (maybe_diag_access_bounds): Ditto.
gcc/c-family/ChangeLog:
PR driver/107787
* c-common.cc (fold_offsetof,
convert_vector_to_array_for_subscript): Use OPT_Warray_bounds_
instead of OPT_Warray_bounds.
gcc/testsuite/ChangeLog:
PR driver/107787
* gcc.dg/Warray-bounds-34.c: Correct the regular expression
for -Warray-bounds=.
* gcc.dg/Warray-bounds-43.c: Likewise.
* gcc.dg/pr107787.c: New test.
PR tree-optimization/101301
PR tree-optimization/103680
gcc/ChangeLog:
* tree-switch-conversion.cc (bit_test_cluster::emit):
Handle correctly remaining probability.
(switch_decision_tree::try_switch_expansion): Fix BB's count
where a cluster expansion happens.
(switch_decision_tree::emit_cmp_and_jump_insns): Fill up also
BB count.
(switch_decision_tree::do_jump_if_equal): Likewise.
(switch_decision_tree::emit_case_nodes): Handle special case
for BT expansion which can also fallback to a default BB.
* tree-switch-conversion.h (cluster::cluster): Add
m_default_prob probability.